CS0-002 exam

Clients are unable to access a company’s API to obtain pricing data. An analyst discovers sources other than clients are scraping the API for data, which is causing the servers to exceed available resources. Which of the following would be BEST to protect the availability of the APIs?A . IP...

A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets. Which of the following is the BEST example of the level of sophistication this threat actor is using?A . Social media accounts attributed to...

An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform. Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?A . FaaSB . RTOSC . SoCD . GPSE . CAN busView AnswerAnswer: E

A security analyst is supporting an embedded software team. Which of the following is the BEST recommendation to ensure proper error handling at runtime?A . Perform static code analysis.B . Require application fuzzing.C . Enforce input validationD . Perform a code reviewView AnswerAnswer: B

A cybersecurity analyst is contributing to a team hunt on an organization's endpoints. Which of the following should the analyst do FIRST?A . Write detection logic.B . Establish a hypothesis.C . Profile the threat actors and activities.D . Perform a process analysis.View AnswerAnswer: C Reference: https://www.cybereason.com/blog/blog-the-eight-steps-to-threat-hunting

While analyzing logs from a WAF, a cybersecurity analyst finds the following: Which of the following BEST describes what the analyst has found?A . This is an encrypted GET HTTP requestB . A packet is being used to bypass the WAFC . This is an encrypted packetD . This is...

A pharmaceutical company's marketing team wants to send out notifications about new products to alert users of recalls and newly discovered adverse drug reactions. The team plans to use the names and mailing addresses that users have provided. Which of the following data privacy standards does this violate?A . Purpose...

A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL: Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?A . PC1B . PC2C . Server1D . Server2E . FirewallView AnswerAnswer: B

While planning segmentation for an ICS environment, a security engineer determines IT resources will need access to devices within the ICS environment without compromising security. To provide the MOST secure access model in this scenario, the jumpbox should be.A . placed in an isolated network segment, authenticated on the IT...

It is important to parameterize queries to prevent:A . the execution of unauthorized actions against a database.B . a memory overflow that executes code with elevated privileges.C . the establishment of a web shell that would allow unauthorized access.D . the queries from using an outdated library with security vulnerabilities.View...